Rewterz Threat Alert – PikaBot Malware Actively Distributed by Water Curupira Threat Actors – Active IOCs
January 11, 2024Rewterz Threat Alert – CoinMiner Malware – Active IOCs
January 11, 2024Rewterz Threat Alert – PikaBot Malware Actively Distributed by Water Curupira Threat Actors – Active IOCs
January 11, 2024Rewterz Threat Alert – CoinMiner Malware – Active IOCs
January 11, 2024Severity
High
Analysis Summary
Cisco has patched a critical vulnerability tracked as CVE-2024-20272 that impacts Unity Connection and could allow a threat actor to execute arbitrary commands on the targeted system.
The security flaw is an upload bug of arbitrary files that reside within the web-based management interface. This occurs due to the improper validation of user-supplied data and lack of authentication in a specific API. This flaw can be exploited when a threat actor uploads arbitrary files to an infected system. When successfully exploited, it allows the threat actor to save malicious files on the targeted system, execute arbitrary commands, and elevate privileges to root.
The vulnerability impacts the following versions of Cisco Unity Connection:
- 12.5 and earlier (Fixed in version 12.5.1.19017-4)
- 14 (Fixed in version 14.0.1.14006-5)
The vulnerability was discovered by a security researcher, and Cisco has not mentioned whether it is being exploited in the wild. It is still advised to update and apply the patch and mitigate any potential threats.
Along with the patch for CVE-2024-20272, Cisco also released fixes for 11 vulnerabilities of medium severity for various products, like TelePresence Management Suite (TMS), ThousandEyes Enterprise Agent, WAP371 Wireless Access Point, and Identity Services Engine. However, the company made it clear that it has no intentions of patching the command injection vulnerability in WAP371, tracked as CVE-2024-20287 (CVSS score: 6.5), since the device reached end-of-life back in June 2019. It is recommended that the customers still using the device migrate to the Cisco Business 240AC Access Point instead.
Impact
- Command Execution
- Privilege Escalation
Indicators Of Compromise
Affected Vendors
Cisco
Affected Products
- Cisco Unity Connection 11.0
- Cisco Unity Connection 14
Remediation
- Refer to Cisco Security Advisory for patch, upgrade, or suggested workaround information.
- Implement multi-factor authentication to add an extra layer of security to login processes.
- Regularly monitor network activity for any unusual behavior, as this may indicate that a cyberattack is underway.
- Organizations need to stay vigilant and follow best practices for cybersecurity to protect their systems and data from potential threats. This includes regularly updating software and implementing strong access controls and monitoring tools.
- Develop a comprehensive incident response plan to respond effectively in case of a security breach or data leakage.
- Maintain regular backups of critical data and systems to ensure data recovery in case of a security incident.
- Adhere to security best practices, including the principle of least privilege, and ensure that users and applications have only the necessary permissions.
- Establish a robust patch management process to ensure that security patches are evaluated, tested, and applied promptly.
- Conduct security audits and assessments to evaluate the overall security posture of your systems and networks.
- Implement network segmentation to contain and isolate potential threats to limit their impact on critical systems.